SELinux has achieved its goal of protecting Linux systems from intrusion by unauthorized access. But the effort remains in the early adopter stage, and its supporters need to work on broader implementation and greater ease of use, according to Doc Shankar, an IBM Corp. distinguished engineer.
In a preview of his LinuxWorld Conference & Expo workshop, Shankar said that the biggest benefit of SELinux is that systemwide policies automatically and absolutely enforce access controls. No one gets the unrestricted access of a "root" superuser; instead, each user is confined to what he needs to know, he said. In the case of a breech, an intruder is boxed in and can destroy only a portion of the system, he said.
This article is an interesting look at one IBM Engineer's opinion about SELinux. Do you agree with what he says?